1. Securing HCM
  2. Role Inheritance

Role Inheritance

When you assign data and abstract roles to users, they inherit all of the data and function security associated with those roles. You can explore the complete structure of a job or an abstract role on the Security Console.

Each role is a hierarchy of other roles:

  • HCM data roles inherit job roles.

  • Job and abstract roles inherit many aggregate privileges. They may also inherit a few duty roles.

    In addition to aggregate privileges and duty roles, job and abstract roles are granted many function security privileges and data security policies directly.

  • Duty roles can inherit other duty roles and aggregate privileges.

Role Inheritance Example

This example shows how roles are inherited. The figure shows a few representative aggregate privileges and a single duty role. In reality, job and abstract roles inherit many aggregate privileges. Any duty roles that they inherit may themselves inherit duty roles and aggregate privileges.

This figure shows that the user Bob Price inherits two roles directly. The first of those roles is the data role HR Specialist Vision Corporation, to which the Vision Corporation security profile is assigned. The second role is the Employee abstract role, to which the View Own Record security profile is assigned. The data role HR Specialist Vision Corporation inherits the Human Resource Specialist job role. The figure shows examples of duty roles and aggregate privileges that the Human Resource Specialist job role inherits. These examples are Manage Work Relationship, Manage Absence Case, and Employee Hire. It also shows examples of aggregate privileges that the Employee role inherits, including View Payslip and Access Person Gallery.

In this example, user Bob Price has two roles:

  • HR Specialist Vision Corporation, a data role

  • Employee, an abstract role

This table describes the two roles.

Role

Description

HR Specialist Vision Corporation

Inherits the job role Human Resource Specialist. This role inherits the aggregate privileges and duty roles that provide access to the tasks and functions that a human resource specialist performs. The security profile assigned to the data role provides access to secured data for the role.

Employee

Inherits the aggregate privileges and duty roles that provide access to all tasks and functions, unrelated to a specific job, that every employee performs. The security profile assigned to the abstract role provides access to secured data for the role.